What's new

Ipv6 suppress_prefixlength broken on some routers?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ZebMcKayhan

Very Senior Member
Hello,

When attempting ipv6 policy routing I've currently failing seemingly due to "ip rule ... suppress_prefixlength 0" does not seem to supress anything for ipv6 on some router models. It is meant to be able to consult a route table for routes more specific than prefix length 0, meaning use any routes but not default route. This comes very handy for policy routes.

To replicate we could setup a simple policy route table using some unknown internet destination. Let's choose 2600:: since it's easy to write:
We can check where router would normally route this by:
Code:
ip -6 route get 2600::
It would output to your wan ipv6.

Now, lets just tell the router that this destination is found on our lan for convenience, just for the sake of testing, I.e:
Code:
ip -6 route add 2600:: dev br0 table 10
ip -6 rule add from all to 2600:: lookup 10 prio 11

And we can try again:
Code:
ip -6 route get 2600::
Now the router wants to send this destination to br0 because we told it so. It's not going to work, but that's not the point.

Now we ask router to consult main table for all routes except the default route before going to our policy table, which should not find a route so it should not affect us:
Code:
ip -6 rule add from all to 2600:: lookup main suppress_prefixlength 0 prio 10

And we test again:
Code:
ip -6 route get 2600::
Now, unless there is a more specific route to 2600:: in main routing table the result we should get is br0. But on some routers it's wan meaning suppress_prefixlength have not suppressed anything. The same Commands works as expected on all routers I've tested on for ipv4.

Finally, to restore system after the test:
Code:
ip -6 rule del prio 10
ip -6 rule del prio 11

Routers tested that fails for ipv6:
RT-AX86U (388.8_4) https://www.snbforums.com/threads/wireguard-client-with-ipv6-enabled.92922/post-934311
RT-AX88U (388.8_4) many thanks to @archiel for testing this.

Routers tested that it works for ipv6:
RT-AX86U PRO - 388.8_2 & 388.8_4

I was hoping some more people could confirm this, so it's not just me. Or maybe I'm just doing something wrong or missing something?

I don't think Asus or @RMerlin uses this function in fw and I don't know if @RMerlin can do anything about this, altough I'm hoping.
 
Last edited:
Hello,

When attempting ipv6 policy routing I've currently failing seemingly due to "ip rule ... suppress_prefixlength 0" does not seem to supress anything for ipv6 on some router models. It is meant to be able to consult a route table for routes more specific than prefix length 0, meaning use any routes but not default route. This comes very handy for policy routes.

To replicate we could setup a simple policy route table using some unknown internet destination. Let's choose 2600:: since it's easy to write:
We can check where router would normally route this by:
Code:
ip -6 route get 2600::
It would output to your wan ipv6.

Now, lets just tell the router that this destination is found on our lan for convenience, just for the sake of testing, I.e:
Code:
ip -6 route add 2600:: dev br0 table 10
ip -6 rule add from all to 2600:: lookup 10 prio 11

And we can try again:
Code:
ip -6 route get 2600::
Now the router wants to send this destination to br0 because we told it so. It's not going to work, but that's not the point.

Now we ask router to consult main table for all routes except the default route before going to our policy table, which should not find a route so it should not affect us:
Code:
ip -6 rule add from all to 2600:: lookup main suppress_prefixlength 0 prio 10

And we test again:
Code:
ip -6 route get 2600::
Now, unless there is a more specific route to 2600:: in main routing table the result we should get is br0. But on some routers it's wan meaning suppress_prefixlength have not suppressed anything. The same Commands works as expected on all routers I've tested on for ipv4.

Finally, to restore system after the test:
Code:
ip -6 rule del prio 10
ip -6 rule del prio 11

Routers tested that fails for ipv6:
RT-AX86U (388.8_?) https://www.snbforums.com/threads/wireguard-client-with-ipv6-enabled.92922/post-934311
RT-AX88U (388.8_4) many thanks to @archiel for testing this.

Routers tested that it works for ipv6:
RT-AX86U PRO - 388.8_2 & 388.8_4

I was hoping some more people could confirm this, so it's not just me. Or maybe I'm just doing something wrong or missing something?

I don't think Asus or @RMerlin uses this function in fw and I don't know if @RMerlin can do anything about this, altough I'm hoping.
I only wanted to say that ASUS Wrt Merlin running on my router, which was used to do some test, is version 3004.388.8_4
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top